838 matches found
Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025
On April 16, 2025, a critical vulnerability in the Erlang/OTP SSH server was disclosed. This vulnerability could allow an unauthenticated, remote attacker to perform remote code execution RCE on an affected device. The vulnerability is due to a flaw in the handling of SSH messages during the...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
Build bash » git clone https://github.com/0xPThree/cve-202...
CVE-2025-32433
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
CVE-2025-32433
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
CVE-2024-45482
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
CVE-2024-45481
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B APROL 4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user...
CVE-2024-45481
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL 4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user...
CVE-2024-45482
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
CVE-2024-45482 Privilege escalation in B&R APROL
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
CVE-2024-45482
CVE-2024-45482 concerns the B&R APROL product. The SSH server in APROL versions prior to 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands due to an Inclusion of Functionality from an Untrusted Control Sphere vulnerability. Affected prod...
CVE-2024-45482 Privilege escalation in B&R APROL
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...
CVE-2024-45481
CVE-2024-45481 affects the SSH server in B&R APROL prior to 4.4-00P5. The vulnerability is due to incomplete filtering of special elements in scripts, enabling an authenticated local attacker to authenticate as another legitimate user. CVSS 4.0 vector indicates Local access, Low privileges requir...
Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / docker-compose / kubernetes / kubevirt / moby-compose (CVE-2025-22869)
The version of cert-manager / cf-cli / docker-buildx / docker-compose / kubernetes / kubevirt / moby-compose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22869 advisory. - SSH servers which...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-27256
CVE-2025-27256 concerns a Missing Authentication for Critical Function vulnerability in the GE Vernova Enervista UR Setup application. The issue is described as an authentication bypass caused by a missing SSH server authentication, which could allow an attacker with an unauthenticated client con...